Reading a cookie

Where to get and set cookies?

Cookies are part of HTTP request so it's a good idea to do both in controller which responsibility is exactly dealing with request and response.

Cookies for subdomains

Because of security reasons, by default cookies are accessible only on the same domain from which they were set.
For example, if you have set a cookie on domain example.com, you cannot get it on domain www.example.com.
So if you're planning to use subdomains (i.e. admin.example.com, profile.example.com), you need to set domain
explicitly:

Cross-subdomain authentication and identity cookies

In case of autologin or "remember me" cookie, the same quirks as in case of subdomain cookies are applying.
But this time you need to configure user component, setting identityCookie array to desired cookie config.

Open you application config file and add identityCookie parameters to user component configuration:

Note that you have to configure the session::cookieParams property to have the samedomain as your user::identityCookie to ensure the login and logout work for all subdomains. This behavior is better explained on the next section.

Session cookie parameters

Session cookies parameters are important both if you have a need to maintain session while getting from one
subdomain to another or when, in contrary, you host backend app under /admin URL and want handle session
separately.